Bugbear hits hard Down Under

October 4 2002

The Bugbear email worm (also known as Tanatos) has passed Klez as the most common virus in the world this year, according to an advisory posted by the security company F-Secure.

Australia has become a major victim of the virus, according to Paul McRae from Message Labs Australia. He said Australia was the second-worst affected country in the world, receiving 20 per cent of all the virus emails.

Bugbear is a Windows mass mailer, spreading itself in infected email attachments, sometimes executing the attachment automatically. It also tries to spread through open Windows fileshares. The worm sometimes prints massive amounts of nonsense text on network printers.

It attempts to halt the operation of various antivirus and firewall programs. Once a machine is infected, it can be remotely controlled, allowing an attacker to steal and delete information.

The worm can pick up old email messages from an infected system and send them to random email addresses. This means private email will be disclosed to third parties. When people receive such email, they will be baffled by the contents. In many cases they will click on the file attachment just to figure out what the strange email is all about, thereby becoming infected.

Some e-mails sent by Bugbear will execute automatically as soon as they are previewed or read. In some cases the worm fakes the email address of the sender - making it look as if an innocent third party sent the worm. This creates further confusion and makes it difficult to warn the infected parties of the problem.

McAfee has upgraded the worm's threat to high risk while Symantec has the worm listed as having high geographical distribution.

"For some reason, Australia and New Zealand are key targets for this insidious virus," said McRae, who operates Message Labs Australia out of Queensland.

"This particular virus was born out of Malaysia and that is another reason that it hit us - it would have been the geographical release for the virus."

Australia and New Zealand account for 32 per cent of the emails received.

The UK is the worst affected, having received 55 per cent of the virus hits.

"It is spreading mainly in the UK, then Australia, New Zealand, which is unusual as normally you see it go through Europe and the US," McRae said.

Message Labs, a UK company, scans more than 13 million emails globally over a 24-hour period and is detecting 2,000 infected emails an hour.

The company gave an initial warning about the virus on Sunday and has stopped about 75,000 contaminated email messages so far.

"Bugbear can "mix and match" info from email addresses, combining the text prior to the @ symbol of one address with the text following the @ symbol of another address, which further confuses the identity of the real sender," he said.

Fewster said Bugbear attacked and killed most installed software firewalls and most antivirus software which had not been updated to handle the worm, and it would prevent successful re-installation.

"We're receiving lots of 'PoopScan detected a virus in an email from you' messages," said Fewster. "Now the problem is bad enough without what I call 'spamvertising'. Antivirus vendors responsible for these 'warnings' know damn well that there's little chance of the guy in the 'From' field being the actual sender of the virus. Bandwidth costs money ... and these shonks are using everyone else's to tout their programs!"